<?php
// Abort unless the IN_PHP constant is already defined (presumably by the
// script that includes this file), so the file does nothing when requested directly.
defined('IN_PHP') or die("hacking attempt");
/**
 * Passes a value through the project's combined HTML-encoding and
 * SQL-escaping pipeline and returns the result.
 *
 * Steps, in this order: htmlentities() with ENT_QUOTES, stripslashes() when
 * magic quotes are enabled, trim(), mysql_real_escape_string(), strip_tags().
 *
 * NOTE(review): HTML encoding and SQL escaping are two different output
 * contexts handled in one step here, so values reach the database already
 * HTML-encoded. The SQL escaping only protects values placed inside a quoted
 * string literal, and mysql_real_escape_string() needs an open connection
 * because it escapes according to that connection's character set.
 *
 * @param string $variable Raw value, typically taken from the request.
 * @return string Encoded and escaped value.
 */
function make_safe($variable) {
    $encoded = htmlentities($variable, ENT_QUOTES);
    // Undo the backslashes magic_quotes_gpc added, so the value is not escaped twice below.
    $unslashed = get_magic_quotes_gpc() ? stripslashes($encoded) : $encoded;
    $escaped = mysql_real_escape_string(trim($unslashed));
    return strip_tags($escaped);
}
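/**
 * Opens the default MySQL connection and selects the application database.
 *
 * Reads the connection settings from the globals $mysql_host, $mysql_user,
 * $mysql_pass and $mysql_db. On failure the request is terminated with a
 * generic message; the detailed mysql_error() text goes to the PHP error log
 * only, because it can contain the account name and host and should not be
 * shown to the client.
 *
 * @return void
 */
function xmysql_connect(){
	global $mysql_host, $mysql_user, $mysql_pass, $mysql_db;
	// '@' keeps PHP's own connection warning out of the page; the failure is handled explicitly below.
	if (!@mysql_connect($mysql_host, $mysql_user, $mysql_pass)) {
		error_log('Could not connect to database: ' . mysql_error());
		die('Could not connect to database.');
	}
	if (!mysql_select_db($mysql_db)) {
		error_log('Could not select database: ' . mysql_error());
		die('Could not select database.');
	}
}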
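/**
 * Closes the MySQL connection opened by xmysql_connect().
 *
 * @return void
 */
function xmysql_close(){
	// Called without a link argument so mysql_close() closes the most recently
	// opened link. The earlier code passed the database *name* ($mysql_db),
	// which is not a link resource, so the call failed behind '@' and the
	// connection was never closed explicitly.
	@mysql_close();
}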
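/**
 * Returns the user name bound to the current PHP session, or NULL.
 *
 * Looks up the row in `users` whose `session` column equals session_id().
 *
 * @return string|null User name, or NULL when there is no active session,
 *                     the query fails, or no row matches.
 */
function get_user() {
	$sid = session_id();
	// With no active session session_id() is '', and do_logout() stores ''
	// in users.session, so an empty id would match logged-out accounts.
	if (!is_string($sid) || $sid === '')
		return NULL;
	// The session id originates from the client cookie, so escape it before
	// it is placed in the quoted literal.
	$query = "select user from users where session='" . mysql_real_escape_string($sid) . "'";
	$result = mysql_query($query);
	if (!$result)
		return NULL;
	$line = mysql_fetch_array($result, MYSQL_ASSOC);
	mysql_free_result($result);
	if ($line === FALSE)
		return NULL;
	return $line['user'];
}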
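/**
 * Returns the `level` value of the user bound to the current PHP session, or NULL.
 *
 * Looks up the row in `users` whose `session` column equals session_id().
 *
 * @return string|null Level as stored in the database, or NULL when there is
 *                     no active session, the query fails, or no row matches.
 */
function get_user_level() {
	$sid = session_id();
	// With no active session session_id() is '', and do_logout() stores ''
	// in users.session, so an empty id would match logged-out accounts.
	if (!is_string($sid) || $sid === '')
		return NULL;
	// The session id originates from the client cookie, so escape it before
	// it is placed in the quoted literal.
	$query = "select level from users where session='" . mysql_real_escape_string($sid) . "'";
	$result = mysql_query($query);
	if (!$result)
		return NULL;
	$line = mysql_fetch_array($result, MYSQL_ASSOC);
	mysql_free_result($result);
	if ($line === FALSE)
		return NULL;
	return $line['level'];
}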
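/**
 * Checks the credentials and, on success, marks the session as logged in and
 * records the session id in the user's row.
 *
 * The e-mail is escaped here, where the SQL is built, so the query stays
 * well-formed even if a caller passes raw input.
 * NOTE(review): if call sites already pass make_safe() output, backslashes in
 * the value are escaped a second time - confirm what callers pass.
 * NOTE(review): passwords are compared as unsalted MD5 digests; moving to
 * password_hash()/password_verify() needs a migration of the stored hashes
 * together with create_user().
 *
 * @param string $email    Login e-mail address.
 * @param string $password Plain-text password as entered.
 * @return bool True when the credentials match, false otherwise.
 */
function do_login($email, $password) {
	$encpwd = md5($password);
	$safe_email = mysql_real_escape_string($email);
	$result = mysql_query("select * from users where email='$safe_email'");
	if (!$result)
		return false;
	$line = mysql_fetch_array($result, MYSQL_ASSOC);
	// Free the SELECT result here; it was previously never released.
	mysql_free_result($result);
	// No matching row is an explicit failure rather than an offset read on FALSE.
	if ($line === FALSE || $line['password'] !== $encpwd)
		return false;

	// Issue a fresh session id on login so an id that existed before
	// authentication is not the one bound to the account. Skipped when the
	// cookie can no longer be sent or no session is active.
	if (session_id() !== '' && !headers_sent())
		session_regenerate_id(true);

	$_SESSION['logged']=TRUE;
	$_SESSION['level']=$line['level'];

	$safe_sid = mysql_real_escape_string(session_id());
	// UPDATE returns a boolean, not a result resource, so there is nothing to free.
	mysql_query("update users set session='$safe_sid' where email='$safe_email'");
	return true;
}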
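/**
 * Logs a user out: clears the stored session id in `users` and resets the
 * login markers held in $_SESSION.
 *
 * The user name is escaped here, where the SQL is built.
 * NOTE(review): if call sites already pass make_safe() output, backslashes in
 * the value are escaped a second time - confirm what callers pass.
 *
 * @param string $user User name whose session binding is cleared.
 * @return void
 */
function do_logout($user) {
	$safe_user = mysql_real_escape_string($user);
	$query = "update users set session='' where user='$safe_user'";
	$_SESSION['user_level']=0;
	// do_login() sets 'logged' and 'level'; drop them too so the session no
	// longer carries the logged-in state after logout.
	unset($_SESSION['logged'], $_SESSION['level']);
	mysql_query($query);
}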
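/**
 * Reports whether a row with the given e-mail exists.
 *
 * The e-mail is escaped here, where the SQL is built.
 * NOTE(review): if call sites already pass make_safe() output, backslashes in
 * the value are escaped a second time - confirm what callers pass.
 * NOTE(review): this reads the `students` table while every other function in
 * this file uses `users` - confirm that is intended.
 *
 * @param string $email E-mail address to look up.
 * @return bool True when a matching row is found; false when none is found or the query fails.
 */
function user_exists($email) {
	$safe_email = mysql_real_escape_string($email);
	$result = mysql_query("select email from students where email='$safe_email'");
	if (!$result)
		return false;
	$line = mysql_fetch_array($result, MYSQL_ASSOC);
	mysql_free_result($result);
	return $line !== FALSE;
}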
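/**
 * Inserts a new row into `users` with the given name, password digest and e-mail.
 *
 * User name and e-mail are escaped here, where the SQL is built; the MD5
 * digest is hexadecimal and needs no escaping.
 * NOTE(review): if call sites already pass make_safe() output, backslashes in
 * those values are escaped a second time - confirm what callers pass.
 * NOTE(review): the password is stored as an unsalted MD5 digest; moving to
 * password_hash() has to be done together with do_login().
 * NOTE(review): the query result is not checked, so a failed insert is silent.
 *
 * @param string $user     User name.
 * @param string $password Plain-text password.
 * @param string $email    E-mail address.
 * @return void
 */
function create_user($user, $password, $email) {
	$encpwd = md5($password);
	$safe_user = mysql_real_escape_string($user);
	$safe_email = mysql_real_escape_string($email);
	$query = "insert into users set user='$safe_user', password='$encpwd', email='$safe_email'";
	mysql_query($query);
}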
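/**
 * Inserts a row into `users` with the given name, password digest and e-mail.
 *
 * NOTE(review): despite its name this issues the same INSERT as create_user()
 * rather than an UPDATE of an existing row - confirm the intended behavior.
 * User name and e-mail are escaped here, where the SQL is built; the MD5
 * digest is hexadecimal and needs no escaping.
 * NOTE(review): if call sites already pass make_safe() output, backslashes in
 * those values are escaped a second time - confirm what callers pass.
 * NOTE(review): the password is stored as an unsalted MD5 digest, and the
 * query result is not checked.
 *
 * @param string $user     User name.
 * @param string $password Plain-text password.
 * @param string $email    E-mail address.
 * @return void
 */
function edit_student($user, $password, $email) {
	$encpwd = md5($password);
	$safe_user = mysql_real_escape_string($user);
	$safe_email = mysql_real_escape_string($email);
	$query = "insert into users set user='$safe_user', password='$encpwd', email='$safe_email'";
	mysql_query($query);
}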

?>